Ionic2 - Security for Cordova mobile applications

One of the great challenges for mobile developers is securing their applications. For Cordova-based mobile applications this challenge is more complex, because every Cordova-based application is essentially a website built around index.html. The only difference is that this website runs on the device, with all its HTML pages wrapped in the native container of the mobile platform.

Let's look at some of the points to take care of when securing your mobile application:

Cordova Whitelist Plugin

This plugin restricts the access your application has to external websites. It prevents attackers from getting information about the user by injecting their own JavaScript code into your application. By default, the access policy allows access to all domains:
<access origin="*" />

Change this to point only to your site:
<access origin="https://yoursite.com/" />



Transfer Data Using HTTPS

Data transferred over HTTP can be intercepted and altered, but data sent over HTTPS cannot be intercepted and altered.
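The two points above (restrict the access origins, use HTTPS only) can be checked at build or review time. The following Node.js script is an added example, not code from the original post: it reads the <access> entries of a config.xml and classifies each origin. The sample config, the verdict names and the function names are constructed for this example.

```javascript
// Added example: audit the <access> entries of a Cordova config.xml.
// SAMPLE_CONFIG is constructed for this example, not taken from a real app.
const SAMPLE_CONFIG = `<?xml version="1.0" encoding="utf-8"?>
<widget id="com.example.app" version="1.0.0">
  <access origin="*" />
  <access origin="http://api.yoursite.com/" />
  <access origin="https://*.yoursite.com/" />
  <access origin="https://yoursite.com/" />
</widget>`;

// Collect every origin="..." value found on an <access> element.
function listAccessOrigins(xml) {
  // Drop XML comments first so commented-out entries are not reported.
  const withoutComments = xml.replace(/<!--[\s\S]*?-->/g, "");
  const origins = [];
  const tagRe = /<access\s[^>]*>/gi;
  let tag;
  while ((tag = tagRe.exec(withoutComments)) !== null) {
    const attr = /\borigin\s*=\s*(?:"([^"]*)"|'([^']*)')/i.exec(tag[0]);
    if (attr) origins.push(attr[1] !== undefined ? attr[1] : attr[2]);
  }
  return origins;
}

// Verdicts (names are this example's own): any-origin, not-https, wildcard-host, ok.
function classifyOrigin(origin) {
  if (origin.trim() === "*") return "any-origin";          // the default policy
  if (!/^https:\/\//i.test(origin)) return "not-https";    // cleartext or other scheme
  if (origin.includes("*")) return "wildcard-host";        // broader than one site
  return "ok";
}

function auditAccessOrigins(xml) {
  return listAccessOrigins(xml).map((origin) => ({ origin, verdict: classifyOrigin(origin) }));
}

// True when at least one entry needs attention before release.
function hasPermissiveAccess(xml) {
  return auditAccessOrigins(xml).some((entry) => entry.verdict !== "ok");
}

for (const entry of auditAccessOrigins(SAMPLE_CONFIG)) {
  console.log(entry.verdict.padEnd(14), entry.origin);
}
```

To use it on a real project, pass the contents of the project's config.xml to auditAccessOrigins instead of the constructed sample.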

Don't Store Sensitive information in LocalStorage  

One of the biggest mistakes hybrid developers make is storing sensitive information such as the username and password in localStorage. The localStorage of one application can be accessed by another application. It's like storing the username and password in the browser, which is of course not advisable.

Instead of storing the username and password, store tokens such as JWT tokens. Take care not to use the password when creating JWT tokens. A JWT token is a key that an attacker can intercept, but even then it gives the attacker no sensitive information: JWT tokens do not contain any sensitive information about the user and are only used to authenticate users. However, anyone who gets hold of a JWT token can log in on behalf of the user, and we need to consider this while developing our application.
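The following Node.js script is an added example, not code from the original post. It shows why the password must stay out of the token: the JWT payload is only base64url-encoded, so anyone holding the token can read every claim. Going slightly beyond the text, it also checks the standard exp and iat claims, since a captured token is usable until it expires. The tokens, the clock value and the one-hour limit are constructed for this example.

```javascript
// Added example (Node.js): review the claims of a JWT without verifying it.
// The tokens are constructed; their third segment is a placeholder signature.
const SENSITIVE_CLAIM = /passw|pwd|secret/i; // assumed naming patterns to flag

function toBase64Url(text) {
  return Buffer.from(text, "utf8").toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

function makeSampleToken(claims) {
  const header = toBase64Url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  return `${header}.${toBase64Url(JSON.stringify(claims))}.constructed-signature`;
}

// The payload is encoded, not encrypted: decoding needs no key.
function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a three-part JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Returns a list of findings; an empty list means nothing was flagged.
function reviewClaims(payload, nowSeconds, maxLifetimeSeconds) {
  const issues = [];
  for (const name of Object.keys(payload)) {
    if (SENSITIVE_CLAIM.test(name)) issues.push(`sensitive claim: ${name}`);
  }
  if (typeof payload.exp !== "number") {
    issues.push("no exp claim"); // a captured token would never stop working
  } else {
    if (payload.exp <= nowSeconds) issues.push("expired");
    const issued = typeof payload.iat === "number" ? payload.iat : nowSeconds;
    if (payload.exp - issued > maxLifetimeSeconds) issues.push("lifetime too long");
  }
  return issues;
}

const NOW = 1700000100; // constructed clock value, seconds since the epoch
const leakyToken = makeSampleToken({ sub: "user-42", password: "example-only", iat: 1700000000 });
const leanToken = makeSampleToken({ sub: "user-42", iat: 1700000000, exp: 1700000900 });

console.log(reviewClaims(decodeJwtPayload(leakyToken), NOW, 3600));
console.log(reviewClaims(decodeJwtPayload(leanToken), NOW, 3600));
```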

Use Authentication Service

You can also develop your own authentication service for your mobile application. Keep in mind that developing your own authentication service is a difficult task, as we need to take care of a lot of security aspects. You can use social providers such as Google, Facebook, GitHub etc. to authenticate users. There are also services like Auth0 or OAuth which can be used to secure your application.

You can also integrate your server with Ionic Auth for authentication.

Hope this post has given you a clear understanding of authentication in hybrid mobile applications.
